On Mon, 14 Oct 2002, Jim Wilcoxson wrote: > > I have a lame hack I do which is to check the ns_server information to see if >there is already a process running from the peer address via a filter. It works for >me since mine is an internal app and we have no proxy. > > The problem with this approach IMO is that there are no options at > that point. You can either do the request or reject the request. > Even if you do a time delay, your server is potentially hosing itself > because it would be easy to use this in a DOS attach to tie up all the > server threads in a sleep. > > At least for us, totally rejecting simultanous requests wouldn't work. > And it doesn't address the problem of a surfer on a cable modem > hitting all of our dynamic pages one at a time. That could easily be > a 10-20 requests per second load.
I think you even don't want to limit the amount of simultaneous requests. I think what you actually want is to decrease the priority of the heavy user. If no one else is using the server, what's the problem? But as soon as other users are experiencing long wait times, then you want to take action. Daniël Mantione
